CVE-2023-34364

EPSS 0.07%
Published 09.06.2023 07:15:10
Last modified 06.01.2025 18:15:15
Source cve@mitre.org
Teams watchlist Login
Open Login

A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their choice on an affected host by copying carefully selected data that will be executed as code.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Progress ≫ Datadirect Odbc Oracle Wire Protocol Driver Version < 08.02.2770

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.218

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://community.progress.com/s/article/Security-vulnerabilities-in-DataDirect-ODBC-Oracle-Wire-Protocol-driver-June-2023

Vendor Advisory

https://progress.com

Product

https://nvd.nist.gov/vuln/detail/CVE-2023-34364

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-34364

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-34364

EUVD